certificate issuing for mail list users
Paul Schmehl
pauls at utdallas.edu
Fri Apr 27 16:57:27 UTC 2007
--On Friday, April 27, 2007 09:52:44 -0700 David Southwell
<david at vizion2000.net> wrote:
>
> I think I may not have been clear on this posting because you seem to be
> misunderstanding my question. I have been very appreciative of the
> responses I have received.
>
> I now moving on from that point and want to know if someone has built a
> web interface that enables people to request certificates and supply
> them so as to integrate certificate issuing into the total problem
> solution.
Yes. Verisign has. It sucks, although for the purpose for which you
intend to use it, it would suck less.
I'm assuming you want to issue a single cert to each user, not separate
signing and encryption certs?
Verisign has two ways that you can do that.
You can use their servers, which requires that the administrators intervene
with each request for a cert. This is not burdensome if you're only going
to be issuing a few dozen certs. If you're going to be issuing hundreds,
you want to avoid this system.
You can install your own, locally-hosted, certificate system. So long as
all you're doing is issuing certs, and you're not trying to intergrate with
Exchange, that system works fine. The Exchange integration is extremely
fragile and breaks in interesting ways that are difficult to troubleshoot.
There may be other competitors now, but I am not aware of them.
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
More information about the freebsd-ports
mailing list